<? 
session_start();
				
include ('conn.php');
				
$db = get_conn();
				
check_session();
		  
if ($_POST['Agregar']!=""){
	$sql = "INSERT INTO assets (name,astatus,restrictions,id_facility) VALUES (
	\"".htmlspecialchars($_POST['name'])."\",
	\"".htmlspecialchars($_POST['astatus'])."\",
	\"".htmlspecialchars($_POST['restrictions'])."\",
	\"".htmlspecialchars($_POST['id_facility'])."\")";
			
	$result = mysql_query($sql);
 	if($result){
 		do_redirect('../assets.php')	;			
 	}else{
 		error_handling('assets.insert  - '.$sql,mysql_error());
 	}				  
		 
}//Agregar
		  
if ($_POST['Actualizar']!=""){
			
	$sql = "update assets set 
	name=\"".htmlspecialchars($_POST['name'])."\",
	astatus=\"".htmlspecialchars($_POST['astatus'])."\",
	id_facility=\"".htmlspecialchars($_POST['id_facility'])."\",	
	
	restrictions=\"".htmlspecialchars($_POST['restrictions'])."\"
 
	where id_asset=".$_POST['id_asset'];
			 
			
	$result = mysql_query($sql);
			
	if($result){
 		do_redirect('../assets.php');
	}else{
		error_handling('assets.update - '.$sql,mysql_error());
	}				  
		 
}//update
		  
if ($_POST['Eliminar']!=""){
			
	$sql = "delete from assets where id_asset=".$_POST['id_asset'];
			
	$result = mysql_query($sql);
			
	if($result){
 		do_redirect('../assets.php');
	}else{
		error_handling('assets.delete - '.$sql,mysql_error());
	}				  
		 
}//delete
		  
if ($_POST['Nuevo']!=""){
	do_redirect('../assets.php');
}//nuevo

?>